Abstract
In this study, a hybrid and layered Intrusion Detection System (IDS) is proposed that combines different machine learning and feature selection techniques to provide high-performance intrusion detection across different attack types. In the developed system, data preprocessing is first performed on the NSL-KDD dataset, and the size of the dataset is then reduced using different feature selection algorithms. Two new approaches are proposed for feature selection. The layered architecture is created by determining appropriate machine learning algorithms according to attack type. The proposed system is evaluated on the NSL-KDD dataset in terms of accuracy, DR, TP Rate, FP Rate, F-Measure, MCC and time. To demonstrate its performance, the proposed system is compared with the studies in the literature. The results show that the proposed system has high accuracy and a low false positive rate in all attack types.
About this article
Cite this article
Çavuşoğlu, Ü. A new hybrid approach for intrusion detection using machine learning methods. Appl Intell 49, 2735–2761 (2019). https://doi.org/10.1007/s10489-018-01408-x
DOI: https://doi.org/10.1007/s10489-018-01408-x